
Proceedings Paper

Weak models for insider threat detection
Author(s): Paul Thompson

Paper Abstract

This paper describes the design for a content-based approach to detecting insider misuse by an analyst producing reports in an environment supported by a document control system. The approach makes use of Hidden Markov Models to represent stages in the Evidence-Based Intelligence Analysis Process Model (EBIAPM). This approach is seen as a potential application for the Process Query System / Tracking and Fusion Engine (PQS/TRAFEN). Actions taken by the insider are viewed as processes that can be detected in PQS/TRAFEN. Text categorization of the content of the analyst's queries, documents accessed, and work product is used to disambiguate multiple EBIAPM processes.

Paper Details

Date Published: 15 September 2004
PDF: 9 pages
Proc. SPIE 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III, (15 September 2004); doi: 10.1117/12.548178
Paul Thompson, Dartmouth College (United States)


Published in SPIE Proceedings Vol. 5403:
Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III
Edward M. Carapezza, Editor(s)

© SPIE.